Self-directed risk assessment methodology enabling organizations to identify critical assets, threats, and vulnerabilities through facilitated workshops.

Developed by Carnegie Mellon's SEI, OCTAVE empowers cross-functional teams to conduct risk assessments without heavy reliance on external consultants. It emphasizes organizational context, focusing on people, processes, and technology. OCTAVE Allegro, a streamlined variant, suits smaller teams and accelerated timelines. A manufacturing firm might use OCTAVE to map threats to SCADA systems and prioritize hardening controls. The approach fosters risk ownership across business units.